Running Aces Casino, Hotel & Racetrack experienced a Qilin-attributed ransomware intrusion that compromised its network, enabling unauthorized access and exfiltration of sensitive customer PII (names, Social Security numbers, dates of birth, and driver’s license numbers), prompting regulatory notification and remediation actions.

Resilience, Attack Surface, and Exposure (RASE)

Threat actors associated with the Qilin ransomware operation infiltrated Asahi’s Japan network through compromised equipment, exfiltrated personal and business data affecting roughly 1.5–2 million customers, employees, and related contacts, and deployed ransomware that encrypted multiple servers and PCs, causing widespread operational shutdowns and significant service disruption across Japan.

The OSINT reports that threat actors deploying Qilin ransomware are using a previously undocumented Windows malware packer, TangleCrypt, to hide and launch the STONESTOP EDR-killer with the ABYSSWORKER driver, using multi-layered encoding and flexible injection techniques but with implementation flaws that can cause crashes and reduce reliability.